FD.io VPP  v19.01.3-6-g70449b9b9
Vector Packet Processing
tls.h
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2018 Cisco and/or its affiliates.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at:
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 
18 #include <vppinfra/lock.h>
19 
20 #ifndef SRC_VNET_TLS_TLS_H_
21 #define SRC_VNET_TLS_TLS_H_
22 
23 #define TLS_DEBUG 0
24 #define TLS_DEBUG_LEVEL_CLIENT 0
25 #define TLS_DEBUG_LEVEL_SERVER 0
26 
27 #define TLS_CHUNK_SIZE (1 << 14)
28 #define TLS_CA_CERT_PATH "/etc/ssl/certs/ca-certificates.crt"
29 
30 #if TLS_DEBUG
31 #define TLS_DBG(_lvl, _fmt, _args...) \
32  if (_lvl <= TLS_DEBUG) \
33  clib_warning (_fmt, ##_args)
34 #else
35 #define TLS_DBG(_lvl, _fmt, _args...)
36 #endif
37 
38 /* *INDENT-OFF* */
39 typedef CLIB_PACKED (struct tls_cxt_id_
40 {
44  u32 ssl_ctx;
46  u8 tcp_is_ip4;
47  u8 tls_engine_id;
48 }) tls_ctx_id_t;
49 /* *INDENT-ON* */
50 
51 STATIC_ASSERT (sizeof (tls_ctx_id_t) <= 42, "ctx id must be less than 42");
52 
53 typedef struct tls_ctx_
54 {
55  union
56  {
58  tls_ctx_id_t c_tls_ctx_id;
59  };
60 #define parent_app_index c_tls_ctx_id.parent_app_index
61 #define app_session_handle c_tls_ctx_id.app_session_handle
62 #define tls_session_handle c_tls_ctx_id.tls_session_handle
63 #define listener_ctx_index c_tls_ctx_id.listener_ctx_index
64 #define tcp_is_ip4 c_tls_ctx_id.tcp_is_ip4
65 #define tls_ctx_engine c_tls_ctx_id.tls_engine_id
66 #define tls_ssl_ctx c_tls_ctx_id.ssl_ctx
67 #define tls_ctx_handle c_c_index
68  /* Temporary storage for session open opaque. Overwritten once
69  * underlying tcp connection is established */
70 #define parent_app_api_context c_s_index
71 
75 } tls_ctx_t;
76 
77 typedef struct tls_main_
78 {
85 
86  /*
87  * Config
88  */
90  char *ca_cert_path;
91 } tls_main_t;
92 
93 typedef struct tls_engine_vft_
94 {
95  u32 (*ctx_alloc) (void);
96  void (*ctx_free) (tls_ctx_t * ctx);
97  tls_ctx_t *(*ctx_get) (u32 ctx_index);
98  tls_ctx_t *(*ctx_get_w_thread) (u32 ctx_index, u8 thread_index);
99  int (*ctx_init_client) (tls_ctx_t * ctx);
100  int (*ctx_init_server) (tls_ctx_t * ctx);
101  int (*ctx_read) (tls_ctx_t * ctx, stream_session_t * tls_session);
102  int (*ctx_write) (tls_ctx_t * ctx, stream_session_t * app_session);
103  u8 (*ctx_handshake_is_over) (tls_ctx_t * ctx);
104  int (*ctx_start_listen) (tls_ctx_t * ctx);
105  int (*ctx_stop_listen) (tls_ctx_t * ctx);
107 
108 typedef enum tls_engine_type_
109 {
115 
117 void tls_register_engine (const tls_engine_vft_t * vft,
118  tls_engine_type_t type);
124 int tls_notify_app_connected (tls_ctx_t * ctx, u8 is_failed);
125 void tls_notify_app_enqueue (tls_ctx_t * ctx, stream_session_t * app_session);
126 #endif /* SRC_VNET_TLS_TLS_H_ */
127 /*
128  * fd.io coding-style-patch-verification: ON
129  *
130  * Local Variables:
131  * eval: (c-set-style "gnu")
132  * End:
133  */
enum tls_engine_type_ tls_engine_type_t
struct _transport_connection transport_connection_t
clib_rwlock_t half_open_rwlock
Definition: tls.h:82
char * ca_cert_path
Definition: tls.h:90
struct tls_main_ tls_main_t
int tls_notify_app_accept(tls_ctx_t *ctx)
Definition: tls.c:190
struct tls_engine_vft_ tls_engine_vft_t
u8 use_test_cert_in_ca
Definition: tls.h:89
u64 session_handle_t
Definition: session.h:111
unsigned char u8
Definition: types.h:56
#define listener_ctx_index
Definition: tls.h:63
void tls_notify_app_enqueue(tls_ctx_t *ctx, stream_session_t *app_session)
Definition: tls.c:181
u32 app_index
Definition: tls.h:79
u8 is_passive_close
Definition: tls.h:72
#define parent_app_index
Definition: tls.h:60
unsigned int u32
Definition: types.h:88
struct _stream_session_t stream_session_t
long ctx[MAX_CONNS]
Definition: main.c:144
Definition: tls.h:77
tls_ctx_id_t c_tls_ctx_id
Definition: tls.h:58
int tls_add_vpp_q_tx_evt(stream_session_t *s)
Definition: tls.c:70
Definition: tls.h:53
int tls_notify_app_connected(tls_ctx_t *ctx, u8 is_failed)
Definition: tls.c:232
struct tls_ctx_ tls_ctx_t
u8 ** rx_bufs
Definition: tls.h:83
int tls_add_vpp_q_builtin_rx_evt(stream_session_t *s)
Definition: tls.c:62
void tls_register_engine(const tls_engine_vft_t *vft, tls_engine_type_t type)
Definition: tls.c:748
transport_connection_t connection
Definition: tls.h:57
#define app_session_handle
Definition: tls.h:61
tls_main_t * vnet_tls_get_main(void)
Definition: tls.c:826
tls_ctx_t * half_open_ctx_pool
Definition: tls.h:81
u8 ** tx_bufs
Definition: tls.h:84
int tls_add_vpp_q_builtin_tx_evt(stream_session_t *s)
Definition: tls.c:78
typedef CLIB_PACKED(struct tls_cxt_id_ { u32 parent_app_index;session_handle_t app_session_handle;session_handle_t tls_session_handle;u32 ssl_ctx;u32 listener_ctx_index;u8 tcp_is_ip4;u8 tls_engine_id;}) tls_ctx_id_t
STATIC_ASSERT(sizeof(tls_ctx_id_t)<=42, "ctx id must be less than 42")
u8 * srv_hostname
Definition: tls.h:74
int tls_add_vpp_q_rx_evt(stream_session_t *s)
Definition: tls.c:54
u8 resume
Definition: tls.h:73
#define tcp_is_ip4
Definition: tls.h:64
tls_engine_type_
Definition: tls.h:108
#define tls_session_handle
Definition: tls.h:62
tls_ctx_t * listener_ctx_pool
Definition: tls.h:80